﻿
Partial Class login
    Inherits System.Web.UI.Page
    Public Shared Function MD5(ByVal strSource As String, ByVal Code As Int16) As String
        '这里用的是ascii编码密码原文，如果要用汉字做密码，可以用UnicodeEncoding，但会与ASP中的MD5函数不兼容 
        Dim dataToHash As Byte() = (New System.Text.ASCIIEncoding).GetBytes(strSource)
        Dim hashvalue As Byte() = CType(System.Security.Cryptography.CryptoConfig.CreateFromName("MD5"), System.Security.Cryptography.HashAlgorithm).ComputeHash(dataToHash)
        Dim i As Integer
        Select Case Code
            Case 16 '´选择16位字符的加密结果 
                For i = 4 To 11
                    MD5 += Hex(hashvalue(i)).ToLower
                Next
            Case 32 ' ´选择32位字符的加密结果 
                For i = 0 To 15
                    MD5 += Hex(hashvalue(i)).ToLower
                Next
            Case Else ' ´Code错误时，返回全部字符串，即32位字符 
                For i = 0 To hashvalue.Length - 1
                    MD5 += Hex(hashvalue(i)).ToLower
                Next
        End Select
    End Function
    Function EncodeBase64(ByVal StrA)
        Dim BufferA As Byte()
        BufferA = System.Text.Encoding.Default.GetBytes(StrA)
        Dim StrB As String
        StrB = Convert.ToBase64String(BufferA)
        EncodeBase64 = StrB
    End Function
    Function DecodeBase64(ByVal StrA)
        DecodeBase64 = Encoding.GetEncoding("gb2312").GetString(Convert.FromBase64String(StrA))
    End Function
    Function EncodePassWord(ByVal StrA)
        EncodePassWord = mid(MD5(StrA, 32), 11, 13)
        EncodePassWord = mid(MD5(EncodePassWord, 32), 11, 13)
        EncodePassWord = EncodeBase64(EncodePassWord)
        EncodePassWord = replace(EncodePassWord, "=", "MdIO9")
    End Function

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        If Request("Action") = "Login" Then
            Dim connstr, conn, rs
            connstr = ConfigurationSettings.AppSettings("SQLConnString") & """" & Server.MapPath(".") & "\..\" & ConfigurationSettings.AppSettings("dbPath") & """"
            conn = Server.CreateObject("ADODB.Connection")
            conn.open(connstr)
            Dim Admin_UserName, Admin_UserPass
            Admin_UserName = Request.Form("field1")
            Admin_UserPass = Request.Form("field2")
            Admin_UserName = Replace(Admin_UserName, "'", "''")
            Admin_UserPass = EncodePassWord(Admin_UserPass)
            rs = Server.CreateObject("adodb.recordset")
            rs.open("select * from [admin^] where Admin_UserName='" & Admin_UserName & "' and Admin_UserPass='" & Admin_UserPass & "'", conn, 1, 3)
            If rs.eof And rs.bof Then
                rs.close()
                rs = Nothing
                Response.Write("<script language=javascript>alert('请输入正确的用户名和密码');this.location.href='login.aspx';</script>")
                Response.End()
            Else
                Session("Admin_LoginTime") = rs("Admin_LoginTime").value
                Session("Admin_LoginIP") = rs("Admin_LoginIP").value
                rs("Admin_Logincount").value = rs("Admin_Logincount").value + 1
                rs("Admin_LoginTime").value = Now()
                rs("Admin_LoginIP").value = Request.ServerVariables("REMOTE_ADDR")
                rs.Update()
                Dim objCookieObject As HttpCookie
                objCookieObject = New HttpCookie("TaoddAdmin", rs("Admin_UserName").value)
                Response.AppendCookie(objCookieObject)
                objCookieObject = New HttpCookie("TaoddPassWord", rs("Admin_UserPass").value)
                Response.AppendCookie(objCookieObject)
                'Session.Timeout =1
                rs.close()
                rs = Nothing
                Response.Write("<script language=javascript>this.location.href='index.aspx';</script>")
                Response.End()
            End If
            conn.close()
            conn = Nothing

        End If
    End Sub
End Class
